Legal claims defining the scope of protection, as filed with the USPTO.
1. A risk analysis system comprising: a risk analyzer configured to determine a consolidated security risk to a feature of a communication network by analyzing assets of the communication network which are associated with the communication network feature and vulnerabilities affecting the assets which are associated with the communication network feature and calculating the consolidated security risk to the communication network feature based on the vulnerabilities, the consolidated security risk being in addition to any security risks calculated for the assets based on the vulnerabilities; and a user interface operatively coupled to the risk analyzer.
2. The risk analysis system of claim 1, wherein the assets comprise one or more of: physical assets and logical assets.
3. The risk analysis system of claim 2, wherein the physical assets comprise equipment in the communication network.
4. The risk analysis system of claim 2, wherein the logical assets comprise one or more of: software for execution by processors in the communication network and information stored by equipment in the communication network.
5. The risk analysis system of claim 1, further comprising one or more of: an event manager configured to receive information associated with vulnerabilities and assets, and to update current vulnerabilities and assets based on the received information; a network model manager configured to capture a representation of the communication network and the determined consolidated security risk; and a report manager configured to receive through the user interface risk report selection inputs and to generate a report of the determined consolidated security risk in accordance with the received selection inputs.
6. The risk analysis system of claim 1, wherein the user interface comprises one or more of: a simulation interface configured to receive information associated with temporary changes to the vulnerabilities, assets, or both; a configuration interface configured to receive one or more of network configuration information associated with vulnerabilities, assets, or both, and risk analysis configuration information for configuring an analysis process applied to the vulnerabilities and assets by the risk analyzer; a network map configured to present a representation of the communication network and the determined consolidated security risk; and a report interface configured to receive risk report selection inputs for configuring a report of the determined consolidated security risk.
7. The risk analysis system of claim 1, further comprising: a data system configured to provide access to risk exposure management information.
8. The risk analysis system of claim 1, wherein the risk analyzer is further configured to determine the consolidated security risk by analyzing vulnerabilities which affect the communication network feature.
9. The risk analysis system of claim 8, wherein the risk analyzer comprises: a direct exposure calculator configured to determine a direct exposure risk to the communication network feature based on the vulnerabilities which affect the communication network feature; an indirect exposure calculator configured to determine an indirect exposure risk to the communication network feature based on the vulnerabilities affecting the assets which are associated with the communication network feature; a total exposure calculator configured to determine a total exposure risk to the communication network feature as a function of the direct exposure risk and the indirect exposure risk; and a risk calculator configured to determine the consolidated security risk to the communication network feature based on the total exposure risk.
10. The risk analysis system of claim 9, wherein the vulnerabilities affecting the assets which are associated with the communication network feature are determined in a sequence according to a traversal order of the assets.
11. The risk analysis system of claim 1, wherein the user interface is configured to receive from a user risk analysis configuration information specifying the communication network feature.
12. The risk analysis system of claim 11, wherein the risk analyzer is further configured to provide through the user interface an indication of the determined consolidated security risk.
13. The risk analysis system of claim 7, wherein the data system is configured to provide access to one or more of: a vulnerabilities database configured to store information associated with the vulnerabilities; an asset database configured to store information associated with the assets; a security state database configured to store information associated with the determined consolidated security risk; and a user interface database configured to store information associated with the user interface.
14. A communication network security risk analysis method comprising: providing vulnerabilities affecting assets of a communication network; and determining a consolidated security risk to a feature of a communication network by analyzing the assets which are associated with the communication network feature and the vulnerabilities affecting the assets which are associated with the communication network feature and calculating the consolidated security risk to the feature based on the vulnerabilities, the consolidated security risk being in addition to any security risks calculated for the assets based on the vulnerabilities, wherein the assets comprise one or more of: physical assets comprising equipment in the communication network; and logical assets comprising one or more of: software for execution by processors in the communication network and information stored by equipment in the communication network.
15. The method of claim 14, further comprising: providing an indication of the determined consolidated security risk.
16. The method of claim 14, further comprising: receiving information associated with vulnerabilities and assets; updating current vulnerabilities and assets based on the received information.
17. The method of claim 14, further comprising: receiving risk analysis configuration information; and adapting an analysis process applied to the vulnerabilities and assets in accordance with the received risk analysis configuration information.
18. A machine-readable medium storing instructions which when executed perform the method of claim 14.
19. The method of claim 14, further comprising: providing vulnerabilities which affect the feature of the communication network, wherein determining further comprises determining the consolidated security risk by analyzing the vulnerabilities which affect the feature of the communication network.
20. A machine-readable medium storing instructions which when executed perform the method of claim 19.
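
The calculator chain of claims 9 and 10, sketched as an added example that is not code from the patent: direct, indirect and total exposure feed a risk value, with associated assets visited once each in breadth-first order. The asset names, scores, the noisy-OR combining rule and the exposure-times-value risk formula are all assumptions; the claims do not specify them.

```python
from collections import deque

# Constructed sample data (hypothetical names and scores, not from the patent).
# Feature or asset -> assets associated with it.
ASSOCIATIONS = {
    "voip-service": ["call-server", "sip-gateway"],
    "call-server": ["subscriber-db", "host-os"],
    "sip-gateway": ["host-os"],
    "subscriber-db": ["call-server"],  # deliberate cycle
    "host-os": [],
}
# Feature or asset -> exposure scores in [0, 1] of vulnerabilities affecting it.
VULNS = {
    "voip-service": [0.2],
    "call-server": [0.5],
    "host-os": [0.4, 0.1],
}


def combine(scores):
    """Assumed combining rule (noisy-OR): 1 - prod(1 - s)."""
    remaining = 1.0
    for s in scores:
        remaining *= 1.0 - s
    return 1.0 - remaining


def traversal_order(feature):
    """Breadth-first order of associated assets; each asset is visited once."""
    seen, order = {feature}, []
    queue = deque(ASSOCIATIONS.get(feature, []))
    while queue:
        node = queue.popleft()
        if node in seen:  # shared dependency or cycle: do not count twice
            continue
        seen.add(node)
        order.append(node)
        queue.extend(ASSOCIATIONS.get(node, []))
    return order


def consolidated_risk(feature, value=1.0):
    """Direct, indirect, total exposure, then risk = total * value (assumed)."""
    direct = combine(VULNS.get(feature, []))
    order = traversal_order(feature)
    indirect = combine(s for asset in order for s in VULNS.get(asset, []))
    total = combine([direct, indirect])
    return {"order": order, "direct": direct, "indirect": indirect,
            "total": total, "risk": total * value}
```

The `seen` set keeps a shared dependency such as `host-os` from being counted once per path, which would otherwise inflate the indirect exposure.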
June 22, 2010